Kafka: usage of short password
Kafka serves as a block in a log shipping solution, data lake solutions, messaging and queue solutions. As such it is a vital and sensitive part of information security.
Using short passwords for SSL keystore can be a security risk. Short passwords are predictable and can be brute-forced, especially if a hacker has obtained a key store file.
Problem
We located a short password in Kafka's configuration file, which means that:
- It is better to use a long password
- It should be verified that there are no hardcoded passwords, or that you're generating a configuration dynamically in production with solutions such as confd.
Fix
Remove the hardcoded password (see KAFKA005), and employ a password policy.
See
Updated over 1 year ago